oauth2.dev

rdap_allowed_purposes

IETF

Registry Context

`rdap_allowed_purposes` is a this claim describes the set of RDAP query purposes that are available to an identity that is presented for access to a protected RDAP resource. claim.

Technical Summary

Federated Authentication for the Registration Data Access Protocol (RDAP) Using OpenID Connect Section 3.1.5.1 defines `rdap_allowed_purposes` for JWT claim sets with the registry description: This claim describes the set of RDAP query purposes that are available to an identity that is presented for access to a protected RDAP resource..

When Used

Used in JWTs that follow Federated Authentication for the Registration Data Access Protocol (RDAP) Using OpenID Connect Section 3.1.5.1.

Normative Requirements

Identity provider

MUST
1
  1. 9560 - Section 3.1.5.1

    assign appropriate purpose values only to end-user identities that are authorized to use them..

    Condition: When assigning purpose values to an end user credential.

    Identity providers MUST ensure that appropriate purpose values are only assigned to end user identities that are authorized to use them.

RDAP server

MUST
1
  1. 9560 - Section 3.1.5.1

    ignore unrecognized purpose values and process the query as if the unrecognized value was absent..

    Condition: When processing the `rdap_allowed_purposes` claim.

    Unrecognized purpose values MUST be ignored, and the associated query MUST be processed as if the unrecognized purpose value was not present at all.

Validation Guidance

error

When processing `rdap_allowed_purposes`, apply the syntax and semantics from Federated Authentication for the Registration Data Access Protocol (RDAP) Using OpenID Connect Section 3.1.5.1.

info

Treat `rdap_allowed_purposes` as profile-specific unless the JWT explicitly follows the referenced specification.

Reference

Details

Entry Id
rdap_allowed_purposes
Claim Name
rdap_allowed_purposes
Claim Description
This claim describes the set of RDAP query purposes that are available to an identity that is presented for access to a protected RDAP resource.
Change Controller
IETF
Reference
RFC9560 - Section 3.1.5.1